Volatility Framework 2.1 Released with x64 arch support



Volatility 2.1 has been released. While the main goal of this release was to get x64 support into an official release, a number of other interesting features have been included as well.

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated, yet offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and to provide a platform for further work in this exciting area of research.

* New Address Spaces (AMD64PagedMemory, WindowsCrashDumpSpace64)
    Majority of existing plugins updated with x64 support
    Merged malware plugins into Volatility core with preliminary x64 support (see FeaturesByPlugin21)
    WindowsHiberFileSpace32 overhaul (also includes x64 support)
* Expanded Operating System Profiles:
    Windows XP SP1, SP2 and SP3 x86
    Windows XP SP1 and SP2 x64 (there is no SP3 x64)
    Windows Server 2003 SP0, SP1, and SP2 x86
    Windows Server 2003 SP1 and SP2 x64 (there is no SP0 x64)
    Windows Vista SP0, SP1, and SP2 x86
    Windows Vista SP0, SP1, and SP2 x64
    Windows Server 2008 SP1 and SP2 x86 (there is no SP0)
    Windows Server 2008 SP1 and SP2 x64 (there is no SP0)
    Windows Server 2008 R2 SP0 and SP1 x64
    Windows 7 SP0 and SP1 x86
    Windows 7 SP0 and SP1 x64
* Plugin Additions (now over 70 analysis plugins!):
    Printing process environment variables (envvars)
    Inspecting the Shim Cache (shimcache)
    Profiling command history and console usage (cmdscan, consoles)
    Converting x86 and x64 raw dumps to MS CrashDump (raw2dmp)
* Plugin Enhancements:
    Verbose details for kdbgscan and kpcrscan
    idt/gdt/timers plugins cycle automatically for each CPU
    apihooks detects LSP/winsock procedure tables
    New output formatting support (table rendering)
* New Mechanism for Profile Modifications
* New Registry API Support
* New Volshell Commands
* Updated Documentation and Command Reference
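The AMD64PagedMemory address space listed above is what lets the x64-enabled plugins resolve virtual addresses inside a 64-bit memory image. The following is an added illustration, not Volatility's own code, of the four-level page-table walk (PML4, PDPT, PD, PT, with 1 GiB and 2 MiB large pages) that such an address space performs over a raw physical capture. The physical image, CR3 value, virtual addresses and marker string are constructed for the example; it also shows a case investigators meet in practice, where a translation succeeds in the page tables but the physical frame lies outside the captured dump.

```python
import struct

PAGE_SIZE = 0x1000
ADDR_MASK = 0x000FFFFFFFFFF000  # bits 51:12 of an entry: physical base of the next table/page
PRESENT = 1 << 0                 # bit 0: entry is valid
PS = 1 << 7                      # bit 7: "page size" -> 1 GiB page at PDPT level, 2 MiB at PD level


class AMD64PagedMemory:
    """Minimal 4-level x64 page-table walker over a raw physical memory buffer (illustration only)."""

    def __init__(self, phys_mem, cr3):
        self.mem = phys_mem
        self.pml4_base = cr3 & ADDR_MASK  # CR3 (the directory table base) holds the PML4's physical address

    def _entry(self, table_base, index):
        off = table_base + index * 8
        if off + 8 > len(self.mem):
            return 0  # table lies outside the capture: treat as not present
        return struct.unpack_from("<Q", self.mem, off)[0]

    def translate(self, vaddr):
        """Return the physical address for vaddr, or None if any level is not present."""
        pml4e = self._entry(self.pml4_base, (vaddr >> 39) & 0x1FF)
        if not pml4e & PRESENT:
            return None
        pdpte = self._entry(pml4e & ADDR_MASK, (vaddr >> 30) & 0x1FF)
        if not pdpte & PRESENT:
            return None
        if pdpte & PS:  # 1 GiB page: bits 51:30 are the frame, low 30 bits the offset
            return (pdpte & 0x000FFFFFC0000000) | (vaddr & 0x3FFFFFFF)
        pde = self._entry(pdpte & ADDR_MASK, (vaddr >> 21) & 0x1FF)
        if not pde & PRESENT:
            return None
        if pde & PS:  # 2 MiB page: bits 51:21 are the frame, low 21 bits the offset
            return (pde & 0x000FFFFFFFE00000) | (vaddr & 0x1FFFFF)
        pte = self._entry(pde & ADDR_MASK, (vaddr >> 12) & 0x1FF)
        if not pte & PRESENT:
            return None
        return (pte & ADDR_MASK) | (vaddr & 0xFFF)

    def read(self, vaddr, length):
        """Read length bytes at vaddr page by page; None if unmapped or the frame is not in the capture."""
        out = bytearray()
        while length > 0:
            paddr = self.translate(vaddr)
            if paddr is None:
                return None
            chunk = min(length, PAGE_SIZE - (vaddr & 0xFFF))
            if paddr + chunk > len(self.mem):
                return None  # mapped in the page tables, but the frame is outside this dump
            out += self.mem[paddr:paddr + chunk]
            vaddr += chunk
            length -= chunk
        return bytes(out)


# Constructed sample: a 32 KiB "physical memory image" with one 4 KiB page mapped
# through all four levels and one 2 MiB large page whose frame lies outside the dump.
SAMPLE_CR3 = 0x0000
SAMPLE_VADDR = 0x00007FF612345678              # constructed user-mode address, backed by physical 0x4678
SAMPLE_LARGE_VADDR = SAMPLE_VADDR + 0x200000   # next PD slot, mapped as a 2 MiB page
SAMPLE_MARKER = b"x64 page walk OK"


def build_sample_image():
    mem = bytearray(8 * PAGE_SIZE)
    pml4, pdpt, pd, pt, data = 0x0000, 0x1000, 0x2000, 0x3000, 0x4000

    def put(table, index, value):
        struct.pack_into("<Q", mem, table + index * 8, value)

    v = SAMPLE_VADDR
    put(pml4, (v >> 39) & 0x1FF, pdpt | PRESENT)
    put(pdpt, (v >> 30) & 0x1FF, pd | PRESENT)
    put(pd, (v >> 21) & 0x1FF, pt | PRESENT)
    put(pt, (v >> 12) & 0x1FF, data | PRESENT)
    # Large page whose frame sits at physical 1 GiB, which this small capture does not contain.
    put(pd, (SAMPLE_LARGE_VADDR >> 21) & 0x1FF, 0x40000000 | PS | PRESENT)
    start = data + (v & 0xFFF)
    mem[start:start + len(SAMPLE_MARKER)] = SAMPLE_MARKER
    return bytes(mem), SAMPLE_CR3


if __name__ == "__main__":
    mem, cr3 = build_sample_image()
    space = AMD64PagedMemory(mem, cr3)
    print(hex(space.translate(SAMPLE_VADDR)), space.read(SAMPLE_VADDR, len(SAMPLE_MARKER)))
    print(hex(space.translate(SAMPLE_LARGE_VADDR)), space.read(SAMPLE_LARGE_VADDR, 4))
```

The walker deliberately distinguishes "not present" (a zero entry at some level) from "present but outside the image": a real address space layered over a short or partial dump must report the second case as unreadable rather than return garbage from the end of the file.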

The next version, Volatility 2.2, will be released by the developers at the Open Memory Forensics Workshop 2012 on October 2.
